In cloud computing, some of the responsibilities are split. AWS have a model that helps split this.
AWS is responsible for 'Security of the cloud' - customer data, IAM, network configuration, etc Customers are responsible for 'Security in the cloud' - software, storage, physical, broad networking, etc.
As a rule of thumb, if you can control it in the AWS management console, you are probably responsible for that area.
https://aws.amazon.com/compliance/shared-responsibility-model/